A Penetration Testing & Network Security Blog

November 2016 archive

Kerberos Domain Username Enumeration Over recent years enumerating valid operating system level user names from up-to-date and well-maintained Windows environments, even from an internal test perspective, has become increasingly unlikely. Where RID cycling once provided us with a full list of domain users from an unauthenticated perspective, this is generally no longer the case. However, …